Skip to content

Avoid nil-pointer panic when Rego template source is missing#706

Open
sozercan wants to merge 1 commit intomasterfrom
codex/fix-nil-dereference-in-rego-source-handling
Open

Avoid nil-pointer panic when Rego template source is missing#706
sozercan wants to merge 1 commit intomasterfrom
codex/fix-nil-dereference-in-rego-source-handling

Conversation

@sozercan
Copy link
Copy Markdown
Member

@sozercan sozercan commented Apr 9, 2026

Motivation

  • GetSource in the Rego schema driver dereferenced code.Source without checking for nil, allowing a malformed ConstraintTemplate with engine: Rego and missing/null source to cause a nil-pointer panic and crash the process.

Description

  • Add a nil guard in constraint/pkg/client/drivers/rego/schema.GetSource to return ErrMissingField when code.Source is nil or code.Source.Value is nil, preventing dereference of a nil pointer.
  • Add unit tests in constraint/pkg/client/drivers/rego/schema/schema_test.go to cover both Source: nil and Source with an empty Anything value and assert ErrMissingField is returned.
  • Preserve existing behavior for valid source payloads and error semantics for bad types or missing required rego field.

Testing

  • Ran go test ./pkg/client/drivers/rego/schema from the constraint/ module and the package tests passed successfully.
  • Attempting to run go test from the repository root path that is not a Go module produced a module initialization error, so tests were executed from the constraint module instead.

Codex Task

Copilot AI review requested due to automatic review settings April 9, 2026 19:39
Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the Rego schema driver against malformed ConstraintTemplate inputs by preventing a nil-pointer panic when the Rego template source is missing.

Changes:

  • Add a nil guard in schema.GetSource to return ErrMissingField when code.Source or code.Source.Value is nil.
  • Add unit tests covering both Source: nil and Source with a nil Value.
Show a summary per file
File Description
constraint/pkg/client/drivers/rego/schema/schema.go Adds early validation to avoid dereferencing a nil Source/Value and returns a consistent missing-field error.
constraint/pkg/client/drivers/rego/schema/schema_test.go Adds regression tests to ensure missing/empty source returns ErrMissingField rather than panicking.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

JaydipGabani
JaydipGabani approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@JaydipGabani JaydipGabani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@JaydipGabani
Copy link
Copy Markdown
Contributor

JaydipGabani commented Apr 17, 2026

@dependabot rebase

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JaydipGabani JaydipGabani JaydipGabani approved these changes

Assignees

No one assigned

Labels

aardvark codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sozercan @JaydipGabani